cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-42181,https://securityvulnerability.io/vulnerability/CVE-2024-42181,Cleartext Transmission Vulnerability in HCL MyXalytics,"HCL MyXalytics contains a vulnerability where sensitive information is transmitted in cleartext, allowing unauthorized individuals to intercept and exploit this data. This flaw poses a significant risk to the confidentiality and integrity of sensitive communications, emphasizing the need for secure transmission methods to safeguard user information from potential breaches.",HCL Software Software,Dryice Myxalytics,1.6,LOW,0.01,false,false,false,false,false,false,false,2025-01-12T22:04:37.495Z,0
CVE-2024-42180,https://securityvulnerability.io/vulnerability/CVE-2024-42180,Malicious File Upload Vulnerability in HCL MyXalytics Application,"HCL MyXalytics is susceptible to a file upload vulnerability that enables attackers to upload and potentially execute malicious files. The application inadequately validates file types, which includes the acceptance of disallowed formats, double extensions, null bytes, and special characters. This flaw can lead to unauthorized access and execution of harmful scripts, jeopardizing the integrity and security of the application and its underlying systems.",HCL Software Software,Dryice Myxalytics,1.6,LOW,0.01,false,false,false,false,false,false,false,2025-01-12T21:53:03.369Z,0
CVE-2024-42179,https://securityvulnerability.io/vulnerability/CVE-2024-42179,Sensitive Information Disclosure in HCL MyXalytics,"HCL MyXalytics is vulnerable to a sensitive information disclosure issue, where the server's HTTP response header incorrectly exposes details regarding the Microsoft-HTTP API/2.0. This can lead to potential information leakage about the server configuration, which may assist malicious actors in exploiting the system further.",HCL Software Software,Dryice Myxalytics,2,LOW,0.01,false,false,false,false,false,false,false,2025-01-12T21:46:39.992Z,0
CVE-2024-42175,https://securityvulnerability.io/vulnerability/CVE-2024-42175,Weak Input Validation in HCL MyXalytics Exposes Applications,"HCL MyXalytics has a vulnerability characterized by weak input validation, allowing the input of special characters without proper length checks. This oversight opens the door to various security threats, including SQL injection, cross-site scripting (XSS), and buffer overflow attacks, potentially compromising the integrity and confidentiality of the application.",HCL Software Software,Dryice Myxalytics,2.6,LOW,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T07:20:57.617Z,0
CVE-2024-42174,https://securityvulnerability.io/vulnerability/CVE-2024-42174,Username Enumeration Vulnerability in HCL MyXalytics Software,"HCL MyXalytics is susceptible to a username enumeration vulnerability that enables attackers to exploit the application by systematically validating usernames. This flaw allows unauthorized users to compile a list of existing usernames, potentially facilitating further attacks such as credential stuffing and targeted phishing. To safeguard sensitive information, organizations using HCL MyXalytics should implement appropriate countermeasures and ensure that their applications are properly secured against such enumeration techniques.",HCL Software Software,Dryice Myxalytics,3.7,LOW,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T07:04:24.964Z,0
CVE-2024-42173,https://securityvulnerability.io/vulnerability/CVE-2024-42173,Improper Password Policy in HCL MyXalytics Allows Brute-Force Attacks,"HCL MyXalytics has a vulnerability related to improper implementation of its password policy. This flaw enables attackers to exploit weak password choices and the absence of account lockout mechanisms, making it feasible to guess or conduct brute-force attacks on user accounts when the corresponding username is known. Organizations using HCL MyXalytics should review their password policies and consider implementing stronger password requirements and lockout protocols to mitigate this risk.",HCL Software Software,Dryice Myxalytics,4.8,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T06:54:33.550Z,0
CVE-2024-42172,https://securityvulnerability.io/vulnerability/CVE-2024-42172,Broken Authentication in HCL MyXalytics Exposes Sensitive Data,"HCL MyXalytics is impacted by a broken authentication vulnerability that permits attackers to seize keys, passwords, and session tokens. This flaw may result from suboptimal configurations, logic flaws, or software issues, creating conditions for unauthorized access and potential identity theft. Applications with access control, including databases, network infrastructure, and web applications, may be affected, leaving sensitive information vulnerable to exploitation.",HCL Software Software,Dryice Myxalytics,5.3,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T06:44:28.808Z,0
CVE-2024-42171,https://securityvulnerability.io/vulnerability/CVE-2024-42171,Session Fixation Vulnerability in HCL MyXalytics Software,HCL MyXalytics contains a session fixation vulnerability that allows cybercriminals to manipulate a user's login session by sending specially crafted URLs containing a session token. This could potentially lead to unauthorized access to sensitive information as attackers can hijack active sessions and exploit user credentials without proper authentication.,HCL Software Software,Dryice Myxalytics,6.4,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T06:31:24.165Z,0
CVE-2024-42170,https://securityvulnerability.io/vulnerability/CVE-2024-42170,Session Fixation Vulnerability in HCL MyXalytics Platform,"HCL MyXalytics is susceptible to a session fixation vulnerability, allowing cyber criminals to exploit this flaw by sending specially crafted URLs that include a session token. If a victim unwittingly clicks such a link, an attacker can hijack the user's login session, potentially gaining unauthorized access to sensitive information. This poses a significant risk to user data security, necessitating prompt awareness and mitigation strategies.",HCL Software Software,Dryice Myxalytics,6.8,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T06:17:20.606Z,0
CVE-2024-42168,https://securityvulnerability.io/vulnerability/CVE-2024-42168,Out-of-Band Resource Load Vulnerability in HCL MyXalytics,"The HCL MyXalytics platform is vulnerable to an out-of-band resource load vulnerability. This flaw allows an attacker to set up a web server that can deliver harmful content. Through this, they can trick the application into fetching and processing the malicious data, potentially compromising system integrity and user data.",HCL Software,,,,0.0004299999854993075,false,false,false,false,false,false,false,2025-01-11T03:15:00.000Z,0
CVE-2024-42194,https://securityvulnerability.io/vulnerability/CVE-2024-42194,Improper Permissions in HCL BigFix Inventory Could Lead to Unauthorized Configuration Changes,"The CVE-2024-42194 vulnerability arises from improper handling of insufficient permissions and privileges in HCL BigFix Inventory. This flaw allows an attacker, who possesses only a read-only account, to execute a specially crafted REST API call, potentially enabling them to modify specific configuration parameters. Such unauthorized configuration changes could have significant implications for the security posture and operational integrity of affected systems.",HCL Software,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-17T18:15:00.000Z,0
CVE-2024-42196,https://securityvulnerability.io/vulnerability/CVE-2024-42196,Sensitive Information Exposure in HCL Launch,"The vulnerability involves HCL Launch's handling of sensitive information, which is logged in files accessible through HTTP request logs. Local users with access to these logs can read potentially sensitive data, leading to significant security risks. It is critical for organizations using HCL Launch to implement proper logging controls and limit access to log files to mitigate this risk. Users and administrators are advised to review their logging configurations and consider additional protective measures to enhance data security.",HCL Software,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-12-06T15:15:00.000Z,0
CVE-2024-42195,https://securityvulnerability.io/vulnerability/CVE-2024-42195,HCL DevOps Deploy/Launch Vulnerable to HTML Injection,HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.,Hcl Software,Devops Deploy / Launch,3.1,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-12-05T04:47:28.191Z,0
CVE-2024-30142,https://securityvulnerability.io/vulnerability/CVE-2024-30142,Insecure Cookie Flag Leaves BigFix Compliance Vulnerable to XSS Attacks,"HCL BigFix Compliance is affected by a missing secure flag on a cookie. If a secure flag is not set, cookies may be stolen by an attacker using XSS, resulting in unauthorized access or session cookies could be transferred over an unencrypted channel.",Hcl Software,Bigfix Compliance,3.8,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-11-07T08:58:42.811Z,0
CVE-2024-30141,https://securityvulnerability.io/vulnerability/CVE-2024-30141,Error Messages Expose Sensitive Information in HCL BigFix Compliance,"HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information. Detailed error messages can provide enticement information or expose information about its environment, users, or associated data.",Hcl Software,Bigfix Compliance,4.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-07T08:36:13.573Z,0
CVE-2024-30140,https://securityvulnerability.io/vulnerability/CVE-2024-30140,HCL BigFix Compliance Vulnerability: Unvalidated Redirects and Forwards Put Users at Risk,"HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page.",Hcl Software,Bigfix Compliance,5.4,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2024-11-07T08:17:56.737Z,0
CVE-2024-30149,https://securityvulnerability.io/vulnerability/CVE-2024-30149,TLS/SSL Certificate Validation Vulnerability in HCL AppScan Source <= 10.6.0,HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable.,Hcl Software,Appscan Source,4.8,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-10-31T08:25:14.693Z,0
CVE-2023-50355,https://securityvulnerability.io/vulnerability/CVE-2023-50355,"Error Messages Expose Sensitive Information, Leading to Potential Attacks","HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack.",Hcl Software,Sametime,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-10-23T23:15:00.000Z,0
CVE-2024-30124,https://securityvulnerability.io/vulnerability/CVE-2024-30124,Insecure Services in HCL Sametime UIM Client,"HCL Sametime has a security concern related to its UIM client, where an unused legacy REST service is enabled by default. This service, which operates using the HTTP protocol, presents a potential attack vector for malicious actors. The default activation of this insecure service increases the risk of exploitation, allowing unauthorized access and manipulation if not addressed properly. It is crucial for organizations using HCL Sametime to evaluate their configurations and ensure disused services are disabled to enhance security posture.",HCL Software,,,,0.0004299999854993075,false,false,false,false,,false,false,2024-10-23T16:15:00.000Z,0
CVE-2024-30122,https://securityvulnerability.io/vulnerability/CVE-2024-30122,,HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these headers.,HCL Software,Sametime,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-10-23T15:15:00.000Z,0
CVE-2024-30117,https://securityvulnerability.io/vulnerability/CVE-2024-30117,Possibility of Library Replacement Attack,A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances.,Hcl Software,Bigfix Platform,5.3,MEDIUM,0.0004600000102072954,false,false,false,false,,false,false,2024-10-14T23:15:00.000Z,0
CVE-2024-30118,https://securityvulnerability.io/vulnerability/CVE-2024-30118,HCL Connections Vulnerable to Information Disclosure Vulnerability,HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to because of improperly handling the request data.,HCL Software,Connections,5.7,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-10-09T20:15:00.000Z,0
CVE-2024-30132,https://securityvulnerability.io/vulnerability/CVE-2024-30132,security vulnerability in Nomad server on Domino could expose sensitive information,HCL Nomad server on Domino did not configure certain HTTP Security headers by default which could allow an attacker to obtain sensitive information via unspecified vectors.,Hcl Software,Nomad Server On Domino,3.7,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-10-01T12:10:08.679Z,0
CVE-2024-30134,https://securityvulnerability.io/vulnerability/CVE-2024-30134,Flagged as Malicious or Unrecognized Application,The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application.,Hcl Software,Hcl Traveler For Microsoft Outlook,6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-09-26T14:50:36.754Z,0
CVE-2024-30130,https://securityvulnerability.io/vulnerability/CVE-2024-30130,Cache Vulnerability Threatens Sensitive Information in HCL Nomad server on Domino,HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information.,Hcl Software,Nomad Server On Domino,3.7,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-07-19T02:15:00.000Z,0